The rapid, efficient and secure transaction of financial and other services is becoming critical to the competitiveness of individual businesses and national economies. In the past, financial transactions were necessarily slow and cumbersome, generally requiring an individual to verify his identity by meeting with a representative of the financial institution responsible for executing the transaction. Although inconvenient and somewhat inflexible, such systems were useful in reducing transaction fraud because they predicated verification of the individual's identity based on certain unique biometric data, such as one's signature, physical appearance, voice character, etc, in addition to the individual's personal knowledge of his financial account numbers and secret codes.
With the advent of computerized financial networks, the problem of transaction fraud has become keenly acute, facing not only private business, but local, state and federal governments as well. In order to cut costs and increase the flexibility of making financial transactions, many financial institutions have greatly reduced staff and office hours in favor of automated teller machines ("ATM"s), which provide the consumer with round the clock access to his various accounts and allow the consumer to make financial transactions without visiting a bank. More recently, retail establishments have taken advantage of the existence of such computerized banking services by installing apparatus capable of reading a consumer's ATM card and making a direct debit from the consumer's account at the point of purchase. Unfortunately, the use of ATMs and similar devices has greatly increased transaction fraud because in such systems verification of a user's identity is not predictated on unique biometric data. Rather, all that is required for verification is the presentation of a token, such as a credit card or ATM, and the entry of the personal identification number ("PIN") encoded in a magnetic strip on the token. It is estimated that billions of dollars are lost annually through transaction fraud. Ultimately, these costs are passed back to the consumer in the form of higher prices for goods and services, and in the form of higher taxes.
Today, a considerable proportion of financial transactions, stock trading, commodity trading, business purchases and billings are transacted electronically. In these systems, the necessary data for identifying and locating the user's accounts are magnetically recorded on a token that user must insert into the ATM or similar device to initiate access to his accounts. The token is further provided with a personal identification number ("PIN"), which ideally is known only to the user and the financial institution controlling the account. Although the combination of an account number and PIN will be unique to the user, the ability to possess and communicate such data will not be unique to the user. Rather, existing security systems of computer networks will recognize anyone capable of entering the appropriate account and PIN as the authorized user of those accounts. Further, in most instances, access will be dependant upon the physical presentation of the appropriate token. Known security systems for limiting access to secured computer systems require that authorized user to possess and present a unique (but reproducible) token, such as a credit card or ATM card, and require the user to know and present a personal identification code, which is generally numeric in character.
Unfortunately, this almost universal system of access to secured systems has very serious flaws. First, access can be gained by anyone possessing the appropriate token and knowledge of the PIN linked to the token and ultimately to the user's account. The rapid increases in ATM crime and counterfeit credit card scares are testament to this point. Although token and code security systems do reduce the risk of unauthorized access, such security systems are nevertheless significantly susceptible to fraud. Because verification of user identity is based solely on data that can be easily reproduced and transferred between individuals, as opposed to data that is unique to and irreproducible from the user, such security systems must rely on both the diligence and the luck of the authorized user in maintaining this information as proprietary. The significant increase in ATM crime and counterfeit credit card scams are testament to the weaknesses of these systems, as are the plaintiff cries of the head of household who unwisely tendered both token and code to a less than thrifty friend or family member.
In addition to the significant ongoing risk of fraud, token and code security systems are frequently cumbersome for consumers to use. First, the consumer must physically possess the token in order to initiate access to the desired account. This inconvenience is greatly compounded by the fact that consumer often maintains a variety of active financial accounts, each issuing its own unique token and code. This requires the consumer not only to carry numerous tokens, but to remember each specific code for each specific token. Of course, a proliferation of tokens decreases the ability of the consumer to maintain the high degree of proprietary control upon which the token and code system relies.
Recently, various workers have attempted to overcome problems inherent in the token and code security system. One major focus has been to encrypt, variabilize or otherwise modify the PIN code to make it more difficult for an unauthorized user to carry out more than one transaction, largely by focusing on manipulation of the PIN access code to make such code more fraud resistant. A variety of approaches have been suggested, such introducing an algorithm that varies the PIN in a predictable way known only to the user, thereby requiring a different PIN code for each subsequent accessing of an account. For example, the PIN code can be varied and made specific to the calendar day or date of the access attempt. In yet another approach, a time-variable element is introduced to generate a non-predictable PIN code that is revealed only to an authorized user at the time of access. Although more resistant to fraud that systems incorporating non-variable codes, such an approach is not virtually fraud-proof because it still relies on data that is not uniquely and irreproducibly personal to the authorized user. Further, such systems further inconvenience consumers that already have trouble remembering constant codes, much less variable ones. Examples of these approaches are disclosed in U.S. Pat. Nos. 4,837,422 to Dethloff et al.; U.S. Pat. No. 4,998,279 to Weiss; U.S. Pat. No. 5,168,520 to Weiss; U.S. Pat. No. 5,251,259 to Mosley; U.S. Pat. No. 5,239,538 to Parrillo; U.S. Pat. No. 5,276,314 to Martino et al.; and U.S. Pat. No. 5,343,529 to Goldfine et al. all of which are incorporated herein by reference.
More recently, some workers turned their attention from the use PIN codes to the use of unique biometric data as the basis of identity verification, and ultimately computer access. In this approach, an authenticated biocharacteristic is voluntarily recorded from a user of known identity and stored for future reference. In every subsequent access attempt, the user is required to enter physically the requested biocharacteristic, which is then compared to the authenticated biocharacteristic to determine if the two match in order to verify user identity. Because the biocharacteristic is uniquely personal to the user and because the act of physically entering the biocharacteristic is virtually irreproducible, a match is putative of actual identity, thereby decreasing the risk of fraud. Various biocharacteristics have been suggested, such as finger prints, hand prints, voice prints, retinal images, handwriting samples and the like. However, because the biocharacteristic is generally stored in electronic (and thus reproducible) form on a token and because the comparison and verification process is not isolated from the hardware and software directly used by the individual attempting access, a significant risk of fraudulent access still exists. Examples of this approach to system security are described in U.S. Pat. Nos. 4,821,118 to Lafreniere; U.S. Pat. No. 4,993,068 to Piosenka et al.; U.S. Pat. No. 4,995,086 to Lilley et al.; U.S. Pat. No. 5,054,089 to Uchida et al.; U.S. Pat. No. 5,095,194 to Barbanell; U.S. Pat. No. 5,109,427 to Yang; U.S. Pat. No. 5,109,428 to Igaki et al.; U.S. Pat. No. 5,144,680 to Kobayashi et al.; U.S. Pat. No. 5,146,102 to Higuchi et al.; U.S. Pat. No. 5,180,901 to Hiramatsu; U.S. Pat. No. 5,210,588 to Lee; U.S. Pat. No. 5,210,797 to Usui et al.; U.S. Pat. No. 5,222,152 to Fishbine et al.; U.S. Pat. No. 5,230,025 to Fishbine et al.; U.S. Pat. No. 5,241,606 to Horie; U.S. Pat. No. 5,265,162 to Bush et al.; U.S. Pat. No. 5,321,242 to Heath, Jr.; U.S. Pat. No. 5,325,442 to Knapp; U.S. Pat. No. 5,351,303 to Willmore, all of which are incorporated herein by reference.
As will be appreciated from the foregoing discussion, a dynamic but unavoidable tension arising in attempting to design a security system that is highly fraud resistant, but nevertheless easy and convenient for the consumer to use. Unfortunately, none of the above-disclosed proposed improvements to the token and code system adequately address, much less attempt to balance, this tension. Such systems generally store the authenticated biocharacteristic in electronic form directly on the token that can easily be copied. Further, such systems do not adequately isolate the identity verification process from tampering by someone attempting to gain unauthorized access.
An example of token-based security system which relies on a biocharacteristic of a user can be found in U.S. Pat. No. 5,280,527 to Gullman et al. In Gullman's system, the user must carry and present a credit card sized token (referred to as a biometric security apparatus) containing a microchip in which is recorded characteristics of the authorized user's voice. In order to initiate the access procedure, the user must insert the token into a terminal such as an ATM, and then speak into the terminal to provide a biocharacteristic input for comparison with an authenticated input stored in the microchip of the presented token. The process of identity verification is generally not isolated from potential tampering by one attempting unauthorized access. If a match is found, the remote terminal may then signal the host computer that access should be permitted, or may prompt the user for an additional code, such as a PIN (also stored on the token), before sending the necessary verification signal to the host computer.
Although Gullman's reliance of comparison of stored and input biocharacteristics potentially reduces the risk of unauthorized access as compared to numeric codes, Gullman's use of the token as the repository for the authenticating data combined with Gullman's failure to isolate the identity verification process from the possibility of tampering greatly diminishes any improvement to fraud resistance resulting from the replacement of a numeric code with a biocharacteristic. Further, the system remains somewhat cumbersome and inconvenient to use because it too requires the presentation of a token in order to initiate an access request.
Thus, it will be appreciated that there has long been a need for a computer access security system that is both highly fraud-resistant and that is convenient and efficient for the user to operate.
There is also a need for a security system that is capable of verifying a user's personal identity, based upon an irreproducible biocharacteristic that is unique and physically personal to an authorized user, as opposed to verifying an individual's possession of physical objects and information that can be transferred freely between different individuals. Such a biocharacteristic must be easily and non-intrusively obtained; must be easy and cost-effective to store and analyze; and must not unduly invade the user's privacy rights.
A further need in computer access security system design is user convenience. It is highly desirable for a consumer to able to access the system spontaneously, particularly when unexpected needs arise, with a minimum of effort. In particular, there is a need for a security system greatly reduces or eliminates the need to memorize numerous or cumbersome codes, and that eliminates the need the need to possess, carry, present a proprietary object in order to initiate an access request.
Such systems must be simple to operate, accurate and reliable. There is also a need for a computer security access system that can allow a user to access all accounts and procure all services authorized to the user, such as access and carry out transactions in and between all financial accounts, make point of purchase payments, receive various services, etc.
There is further a great need for a computer security access system that affords an authorized user the ability to alert authorities that a third party is coercing the user to request access without the third party being aware that an alert has been undertaken. There is also a need for such a system that is nevertheless able to effect, unknown to the coercing third party, temporary restrictions on the types and amounts of transactions that can be undertaken once access is granted.
Finally, the security system must be affordable and flexible enough to be operatively compatible with existing networks having a variety of transaction devices and system configurations.